Why Zero Trust Networks Are a Growing Trend
By Sriram Atchutuni | June 1, 2020
Summary: The security strategy of zero trust has been growing rapidly in recent years, as more corporate enterprises abandon traditional network configurations that rely on perimeter security. In today’s world of lockdowns, health anxiety, remote workers, increasing cybercrime, and too many unknowns to count, zero trust will likely emerge as the new standard for corporate security and infrastructure. Pharos is the only cloud print management solution provider that supports secure printing in zero-trust network environments.
Worldwide, business leaders are trying to adapt to a whole new economic landscape as we all learn to cope with and plan for an uncertain future, both near-term and long-term. Everything is being re-evaluated—supply chain, sales, pipeline, cloud expansion, and IT strategies for a more distributed workforce. COVID-19 has changed everything.
A New Security Paradigm
An important trend was already underway before the pandemic struck: the transition to zero trust architecture as the new standard for securing corporate networks. Zero trust is more than a singular technology or network topology; it is a comprehensive information security paradigm that initially distrusts all users and all devices.
No one and nothing can gain access to network resources without first proving the required level of security and authorization. Zero trust involves several technologies, including policy engines, encryption, principles of least privilege, endpoint security, and more.
Even before the global pandemic struck, organizations were increasingly moving to Internet-only configurations for at least some segments of their network. Now that most companies have a largely remote workforce, which some companies believe is a permanent change, the Internet-only network is quickly becoming an important facet of the zero-trust strategy.
This is completely different from the traditional “castle and moat” network configuration which relies on perimeter security and assumes that everyone (and every device) inside the network is a trusted entity.
The fundamental problem with the castle and moat concept is that it makes every endpoint on the network a prime target for attackers. Once an attacker compromises an endpoint, they are essentially inside the network, and therefore every node on that network—every workstation, every server, every printer, every database—becomes easy prey.
In an Internet-only network, endpoints lose their value to attackers. There is no single perimeter to breach: instead of one boundary around the whole network, each endpoint sits inside its own perimeter. Endpoints that would otherwise be connected in an “east-west” fashion within the network are isolated from one another.
The only data transmission that does exist is in a “north-south” direction, and those secure connections are protected by access controls. Devices can only communicate with required services and have no line of sight to other devices.
Most intrusions and malware infections begin with human error. In the traditional network model, where the entire network is protected by one verification point (user login credentials or a perimeter firewall), an attacker can leverage the inherent trust of the compromised endpoint to move laterally across the network and reach sensitive data.
It’s called zero trust because no user, device, or application is inherently trusted. The Internet-only architecture eliminates lateral movement across the network, limiting the damage a single compromised endpoint can do.
There’s a network, but not in the traditional sense that we typically visualize. The moat still exists (the firewall providing perimeter security) but there’s no castle behind the moat to plunder.
An Accelerating Trend
According to BusinessWire, “The zero-trust security market is projected to grow from $15.6 Billion to $38.6 Billion by 2024.” Organizations are moving quickly to adopt this new security strategy, and those that have not yet started the migration process are increasingly planning to do so.
Guidance published in Gartner’s 2019 Market Guide for Zero Trust Network Access suggests that “Security and risk management leaders should plan pilot (zero trust) projects for employee and partner-facing applications.”
In our conversations with business leaders all over the globe, this is what everyone is talking about. The time is now.
Research by IBM (published in their Cost of a Data Breach study) revealed that the average cost to a company from a single data breach is almost $4 million. As the costs of security breaches continue to increase, so too does the sophistication of cyberattacks. Together, these factors have forced companies to think differently about how to protect their data.
Replacing the conventional network with zero trust technologies has changed the game and given the advantage to the organization rather than the determined hacker.
This is the fundamental reason why zero trust networks are increasingly implemented. In addition, businesses today are more distributed and the focus on internal perimeter security has become less relevant. Zero trust networks also provide greater flexibility and scalability at much lower cost.
Solutions for a Post-Quarantine World
According to NextGov, “COVID-19 should prompt enterprises to move quickly to zero trust.” This is not about any singular technology you can easily install to transform your organization, but a completely new paradigm for security and the corporate network.
In addition to the “north-south” topology, zero-trust security also entails strict user authentication protocols, end-to-end encryption, policy enforcement, and on-device threat detection for every asset. The focus is protecting individual resources rather than network segments, a concept that is increasingly relevant in a post-quarantine world in which remote workers and cloud-based assets are the norm.
Most office workers have been working from home and many companies are likely to give people the option to remain working from home permanently. This undeniable trend amplifies the significance and urgency of zero trust concepts as businesses are forced to re-think device and data protection.
Now that the corporate network extends to individual homes, businesses have to find new ways to mitigate and manage risk. Zero trust security assumes that the network is always under attack and provides a framework to ensure that data and devices are secure given that assumption.
Print as a Service
Print is a key part of the “everything as a service” model and a small but important facet of the zero trust environment. Printing in the office has traditionally meant that employees submit print jobs from their workstations over the network to a specific printer. Or, if an on-premises secure print solution is deployed, employees submit print jobs to a virtual queue on a network print server. Either way, the workstation has to be able to connect to another device on the network.
But this east-west communication between endpoints does not exist in an Internet-only network. So how does printing work in this new world?
To the end-user, the printing experience is the same as it always was. Behind the scenes, however, it’s a different story. Secure cloud printing in a zero trust environment means that every device permitted to access the system is managed by the organization through a combination of policy and technology. Print jobs are still submitted as they normally are, from whatever application the employee is using.
As the following graphic illustrates, the print job is encrypted and sent over a secure line directly to the cloud service, where it is parked until the authorized user is ready to print it. Data about the print job is captured for reporting and analytics. Only the submitting user or an authorized delegate can access the document. When the authorized user successfully authenticates at a secured printer, the printer pulls the print job from the cloud. There is no line of sight between the employee workstation and the printer.
This arrangement means that any employee, properly configured in the system, can submit print jobs from their workstation or mobile device from any network location, be it a Starbucks or their home office, and then securely release their prints when it’s convenient to do so—either by visiting the office to authenticate, print, and collect the documents, or by enabling an authorized user at the office to print and deliver the documents to a desired location.
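The flow described above (workstation submits to the cloud, the cloud parks the encrypted job, the printer pulls it only after the owner or an authorized delegate authenticates) can be modelled end to end. The following is an added example written for this page; it is not Pharos or Sentry Print code, and the user names, device ids, document and the lightweight cipher it uses are all constructed stand-ins. Note that neither party ever opens a connection to the other: both the workstation and the printer talk northbound to the cloud service only.

```python
"""Pull printing in an Internet-only (zero trust) network, modelled end to end.

Added example, not Pharos or Sentry Print code. The workstation and the
printer each talk only to the cloud service; they never talk to each other.
Users, device ids and the document are constructed. The cipher (SHAKE-256
keystream with an HMAC-SHA256 tag) stands in for a real AEAD such as AES-GCM
so that the example needs only the standard library.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    # Verify the tag before touching the ciphertext; reject anything tampered.
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("print job failed integrity check")
    stream = hashlib.shake_256(key + nonce).digest(len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


@dataclass
class HeldJob:
    owner: str
    name: str
    blob: bytes  # ciphertext only: the cloud never holds the key


class CloudPrintService:
    """Parks encrypted jobs until an authenticated user releases them at a managed printer."""

    def __init__(self):
        self.managed_devices = set()  # workstations and printers enrolled by the organisation
        self.delegates = {}           # owner -> users allowed to release on the owner's behalf
        self.jobs = {}                # job_id -> HeldJob
        self.audit = []               # events captured for reporting and analytics

    def enroll_device(self, device_id):
        self.managed_devices.add(device_id)

    def add_delegate(self, owner, delegate):
        self.delegates.setdefault(owner, set()).add(delegate)

    def submit(self, user, device_id, name, blob):
        """Northbound call from a workstation. Unmanaged devices are refused by policy."""
        if device_id not in self.managed_devices:
            raise PermissionError(f"device {device_id} is not managed")
        job_id = secrets.token_hex(8)
        self.jobs[job_id] = HeldJob(user, name, blob)
        self.audit.append(("submitted", user, device_id, name))
        return job_id

    def release(self, job_id, authenticated_user, printer_id):
        """Northbound call from a printer after it has authenticated the user at the panel."""
        if printer_id not in self.managed_devices:
            raise PermissionError(f"printer {printer_id} is not managed")
        job = self.jobs[job_id]
        allowed = {job.owner} | self.delegates.get(job.owner, set())
        if authenticated_user not in allowed:
            self.audit.append(("denied", authenticated_user, printer_id, job.name))
            raise PermissionError(f"{authenticated_user} may not release {job.name}")
        del self.jobs[job_id]  # pulled once, then gone
        self.audit.append(("released", authenticated_user, printer_id, job.name))
        return job.blob


def demo():
    """Constructed walkthrough: submit from a home network, release at the office."""
    cloud = CloudPrintService()
    cloud.enroll_device("laptop-alice-01")
    cloud.enroll_device("printer-floor2-03")
    cloud.add_delegate("alice", "bob")   # bob may print alice's jobs and deliver them
    fleet_key = secrets.token_bytes(32)  # held by managed endpoints, never by the cloud
    document = b"Q2 board pack - confidential"
    # 1. the workstation encrypts and submits; nothing is ever sent to the printer
    job_id = cloud.submit("alice", "laptop-alice-01", "board-pack.pdf",
                          encrypt(fleet_key, document))
    # 2. an unrelated user authenticating at the printer is refused and logged
    try:
        cloud.release(job_id, "mallory", "printer-floor2-03")
        intruder_blocked = False
    except PermissionError:
        intruder_blocked = True
    # 3. alice's delegate bob authenticates at the printer, which pulls the job
    printed = decrypt(fleet_key, cloud.release(job_id, "bob", "printer-floor2-03"))
    return printed, intruder_blocked, [e[0] for e in cloud.audit], len(cloud.jobs)


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to a real deployment: the cloud service stores ciphertext plus an audit trail but never the decryption key, so a compromise of the service does not expose document contents, and every release decision is made against an identity authenticated at the printer, not against the network location of whoever submitted the job.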
Zero Trust Printing: More Than Your Network Framework
In addition to the network architecture, there are many other technologies and policy-based aspects of zero trust that are directly relevant to printing. For example, it’s important to disable any unsecured protocols like RAW and LPR which have long been the veins through which print data flows. For a print solution to support zero trust, it will need to work without these outdated protocols to keep the data encrypted across the network.
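A practical first step toward the policy above is to check which print services each device in the fleet still has switched on. The following audit is an added example written for this page, not a Pharos tool; the export format it parses and the field names (raw, lpr, ipp, ipp-tls) are assumptions, and the three printers are constructed. It flags RAW and LPR (the protocols the post names) and also IPP without TLS, since the goal is keeping print data encrypted across the network.

```python
"""Audit a printer fleet's enabled services against a zero trust print policy.

Added example, not from the original post. The input is a constructed
export of per-printer service settings; its line format and the field
names (raw, lpr, ipp, ipp-tls) are assumptions, not any vendor's format.
"""

# Services the post calls out as unsecured: plaintext, unauthenticated print streams.
INSECURE_SERVICES = {
    "raw": (9100, "unencrypted JetDirect/RAW stream, no authentication"),
    "lpr": (515, "unencrypted LPR/LPD, no authentication"),
}

# Constructed fleet export, one printer per line: name followed by key=on|off pairs.
FLEET_EXPORT = """\
printer-floor2-03 raw=on lpr=on ipp=on ipp-tls=off
printer-floor3-01 raw=off lpr=off ipp=on ipp-tls=on
printer-lobby-01 raw=off lpr=on ipp=off ipp-tls=off
"""


def parse_export(text):
    """Turn the export into {printer: {service: bool}}; malformed lines are skipped."""
    fleet = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        name, settings = parts[0], {}
        for pair in parts[1:]:
            key, _, value = pair.partition("=")
            settings[key] = value.lower() == "on"
        fleet[name] = settings
    return fleet


def audit_printer(name, settings):
    """Return (printer, service, reason, remediation) for each policy violation."""
    findings = []
    for service, (port, reason) in INSECURE_SERVICES.items():
        if settings.get(service, False):
            findings.append((name, f"{service} tcp/{port}", reason, "disable the service"))
    if settings.get("ipp", False) and not settings.get("ipp-tls", False):
        findings.append((name, "ipp tcp/631", "IPP without TLS sends jobs in the clear",
                         "require TLS (IPPS) or disable IPP"))
    return findings


def audit_fleet(text):
    """Audit every printer in the export; a clean fleet returns an empty list."""
    fleet = parse_export(text)
    return [f for name, settings in fleet.items() for f in audit_printer(name, settings)]


def compliant_printers(text):
    """Names of printers with no findings, i.e. ready for a cloud-only print path."""
    fleet = parse_export(text)
    return sorted(n for n, s in fleet.items() if not audit_printer(n, s))


if __name__ == "__main__":
    for finding in audit_fleet(FLEET_EXPORT):
        print(" | ".join(finding))
```

Run against the constructed export, the audit reports three findings for printer-floor2-03 (RAW, LPR and plaintext IPP), one for printer-lobby-01 (LPR), and leaves printer-floor3-01 as the only compliant device. In a real fleet the same check belongs in the device-enrollment step: a printer that still answers on tcp/9100 or tcp/515 should not be admitted to the cloud print service until those services are off.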
A cloud-based printing environment means there’s far less for the organization to manage itself—there are no print servers, drivers or queues for IT staff to track and manage. As with all cloud services, printing with this system frees up an organization’s internal teams to focus on other areas of their business and technology landscape.
Shifting to zero trust and incorporating secure printing into your Internet-only landscape is likely just a matter of when, not if. It’s cheaper, simpler, more secure, more flexible, and more scalable. All the benefits of zero trust security and Internet-only networking extend to the printing context:
- Secure, identity-centric access
- Lateral attack vectors are eliminated because other resources on the network are invisible to each endpoint
- Enables business agility at scale
- Requires little ongoing maintenance
If you’re new to the concepts of zero trust security and Internet-only networking, and how print is changing to meet the needs of businesses and a more distributed workforce, we invite you to register for our June 11 Webinar, “Why Zero Trust Networks Matter.” You can also learn more about Sentry Print, our true cloud secure printing service built on AWS. The technical white paper below provides a detailed description of how Sentry Print works in an Internet-only configuration.